Microsoft is running one of the largest corporate espionage operations in modern history.
Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.
The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.
Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
You don’t have to kill much functionality at all. Scripts that need to access that data should simply live in a sandbox with no network access. They can still do full computational layout.
I have done exclusively web development work.
So you’re going to make it illegal to call
getBoundingClientRectand then pass that information tofetchthrough any mechanism?Essentially yes. Basically, think of two JS sandboxes that can manipulate the same DOM. One can make requests, but cannot retrieve local layout data. The other can get layout data, but not make requests. Both can set layout data.
Web developers can use the former 99% of the time, and the latter for more precise work.